Emergency Deployment of SegWit as a partial mitigation of CVE-2017-9230



Summary:

A security vulnerability known as "ASICBOOST" or CVE-2017-9230 is actively being exploited. The vulnerability is severe and has been discussed on the bitcoin-dev mailing list. Jeremy Rubin has published a detailed report on this vulnerability. Andreas Antonopoulos has also presented on why ASICBOOST is dangerous. In the #bitcoin-core-dev IRC channel, it was proposed to use SegWit as a partial mitigation of the vulnerability. SegWit partially mitigates ASICBOOST by making the use of covert ASICBOOST more conspicuous. There was a proposal to strengthen this mitigation with another soft fork that makes the inclusion of witness commits mandatory. The security trade-offs of deploying a partial mitigation to CVE-2017-9230 quickly versus more slowly but more conservatively are under intense debate. The author of this post prefers the swiftest viable option. Ryan Grant has discussed the perverse incentives that ASICBOOST creates, and Tier Nolan has discussed its non-independent PoW calculation. Evidence of active exploit has been provided by Gregory Maxwell. Links to all relevant sources of information have been provided.


Updated on: 2023-05-20T02:35:04.583974+00:00